Silence, Contract Crew

Description

(Group-IB) Group-IB has exposed the attacks committed by Silence cybercriminal group. While the gang had previously targeted Russian banks, Group-IB experts also have discovered evidence of the group’s activity in more than 25 countries worldwide. Group-IB has published its first detailed report on tactics and tools employed by Silence. Group-IB security analysts’ hypothesis is that at least one of the gang members appears to be a former or current employee of a cyber security company. The confirmed damage from Silence activity is estimated at 800 000 USD.

Silence is a group of Russian-speaking hackers, based on their commands language, the location of infrastructure they used, and the geography of their targets (Russia, Ukraine, Belarus, Azerbaijan, Poland, and Kazakhstan). Although phishing emails were also sent to bank employees in Central and Western Europe, Africa, and Asia). Furthermore, Silence used Russian words typed on an English keyboard layout for the commands of the employed backdoor. The hackers also used Russian-language web hosting services.

Group-IB found several relationships between Silence and TA505, Graceful Spider, Gold Evergreen.

Names

NameName-Giver
SilenceKaspersky
Contract CrewiDefense
Whisper SpiderCrowdStrike
TEMP.TruthTellerFireEye
ATK 86Thales
TAG-CR8Recorded Future

Country

Motivation

  • Financial crime

First Seen

2016

Observed Sectors

Observed Countries

Tools

Operations

Information

Mitre Attack

Playbook

Other Information

Uuid

743a5e7c-a08f-47e1-861c-8789ea1189f9

Last Card Change

2022-12-27